The BBC is rolling out HSTS for their website to improve security and performance. Find out what it means, and how HSTS can help you.
Learn how to set first-party cookies to ensure security, cross-browser compatibility, and minimize chances of breakage once third-party cookies are phased out.
Forgetting or misusing the Cache-Control header may negatively impact the security of your website and your users' privacy.
Use the Reporting API to monitor security violations, deprecated API calls, and more.
A new version of the Reporting API is available. It's more private and more likely to be supported across browsers.
The new Sanitizer API aims to build a robust processor for arbitrary strings to be safely inserted into a page.
Learn more about headers that can keep your site safe and quickly look up the most important details.
How to deploy a CSP based on script nonces or hashes as a defense-in-depth against cross-site scripting.
Cross-origin isolation enables a web page to use powerful features such as SharedArrayBuffer. This article explains how to enable cross-origin isolation on your website.
Sometimes, you need to run your local development site with HTTPS. Tools and tips to do this safely and quickly.
Using http://localhost for local development is fine most of the time, except in some special cases. This post explains when you need to run your local development site with HTTPS.
Maximize conversions by helping your users complete address and payment forms as quickly and easily as possible.
Help your users sign up, log in and manage their account details with a minimum of fuss.
Learn how to optimize your SMS OTP form and improve user experience.
The definition of "same-site" is evolving to include the URL scheme, so links between HTTP and HTTPS versions of a site now count as cross-site requests. Upgrade to HTTPS by default to avoid issues where possible or read on for details of what SameSite attribute values are needed.
Mitigate the risks associated with unintentional exposure of devices and servers on a client’s internal network to the web at large.
Redirect a request to /.well-known/change-password to the change-passwords URL.
Best practices to set your Referrer-Policy and use the referrer in incoming requests.
A summary of the major news and updates that were announced during our 3-day online community event, and a reminder about upcoming regional events.